Rolls&Rights #13

Merged
merged 6 commits into from
Dec 5, 2024
Merged
4 changes: 2 additions & 2 deletions C#api/Controllers/BaseApiController.cs
Expand Up @@ -17,10 +17,10 @@ protected IActionResult CheckAuthorization(string apiKey, string resource, strin
{
var user = AuthProvider.GetUser(apiKey);
if (user == null)
return Unauthorized();
return Unauthorized($"ApiKey: {apiKey} is not valid as it is not linked to an existing user");

if (!AuthProvider.HasAccess(user, resource, operation))
return Forbid();
return Unauthorized($"{user.App} cannot access this functionality");

return null;
}
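Review bot: The second branch now answers 401 for a user whose key resolved fine but who lacks the right, on the line that replaces `return Forbid();`; 401 tells the caller its credential is bad, while this is a permission denial, which HTTP and the Unauthorized/Forbid split on ControllerBase express as 403. If `Forbid()` was dropped because no authentication scheme is registered for it to dispatch to, `return StatusCode(StatusCodes.Status403Forbidden, $"{user.App} cannot access this functionality");` yields the status without involving the authentication middleware. The first branch also echoes the submitted API key back in the response body, where it tends to land in proxy and client logs although the caller already holds the value; `return Unauthorized("API key is not linked to an existing user");` says the same thing. CheckAuthorization's signature sits above the hunk, so only its body is visible here.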
4 changes: 2 additions & 2 deletions C#api/Controllers/ClientsController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetClients()
[HttpGet("{id}")]
public IActionResult GetClient(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "clients", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "clients", "getsingle");
if (auth != null) return auth;

var client = DataProvider.fetch_client_pool().GetClient(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetClient(int id)
[HttpGet("{id}/orders")]
public IActionResult GetClientOrders(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "clients", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "clients", "getsingle");
if (auth != null) return auth;

var orders = DataProvider.fetch_order_pool().GetOrdersForClient(id);
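Review bot: The operation name `"getsingle"` is now a bare string literal repeated in every per-id endpoint of this controller and of InventoriesController, Item_GroupsController, Item_LinesController, Item_TypesController, ItemsController, LocationsController, OrdersController, ShipmentsController, SuppliersController, TransfersController and WarehousesController; a typo in any one of them is invisible to the compiler and would surface only as `HasAccess` denying the call. A `private const string GetSingleOperation = "getsingle";` on BaseApiController, used as `CheckAuthorization(Request.Headers["API_KEY"], "clients", GetSingleOperation)`, keeps the permission keys in one place. Whether AuthProvider's rights tables already carry a `getsingle` entry for every role is not visible from the hunks; a role whose table lacks it loses these endpoints entirely, which is the safe direction but deserves one test per role.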
2 changes: 1 addition & 1 deletion C#api/Controllers/InventoriesController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetInventories()
[HttpGet("{id}")]
public IActionResult GetInventory(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "inventories", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "inventories", "getsingle");
if (auth != null) return auth;

var inventory = DataProvider.fetch_inventory_pool().GetInventory(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/Item_GroupsController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetItemGroups()
[HttpGet("{id}")]
public IActionResult GetItemGroup(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_groups", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_groups", "getsingle");
if (auth != null) return auth;

var itemGroup = DataProvider.fetch_itemgroup_pool().GetItemGroup(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetItemGroup(int id)
[HttpGet("{id}/items")]
public IActionResult GetItemGroupItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_groups", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_groups", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_item_pool().GetItemsForItemGroup(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/Item_LinesController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetItemLines()
[HttpGet("{id}")]
public IActionResult GetItemLine(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_lines", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_lines", "getsingle");
if (auth != null) return auth;

var itemLine = DataProvider.fetch_itemline_pool().GetItemLine(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetItemLine(int id)
[HttpGet("{id}/items")]
public IActionResult GetItemLineItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_lines", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_lines", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_item_pool().GetItemsForItemLine(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/Item_TypesController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetItemTypes()
[HttpGet("{id}")]
public IActionResult GetItemType(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_types", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_types", "getsingle");
if (auth != null) return auth;

var itemType = DataProvider.fetch_itemtype_pool().GetItemType(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetItemType(int id)
[HttpGet("{id}/items")]
public IActionResult GetItemTypeItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_types", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "item_types", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_item_pool().GetItemsForItemType(id);
8 changes: 4 additions & 4 deletions C#api/Controllers/ItemsController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetItems()
[HttpGet("{id}")]
public IActionResult GetItem(string id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "getsingle");
if (auth != null) return auth;

var item = DataProvider.fetch_item_pool().GetItem(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetItem(string id)
[HttpGet("{id}/inventory")]
public IActionResult GetItemInventories(string id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "getsingle");
if (auth != null) return auth;

var inventories = DataProvider.fetch_inventory_pool().GetInventoriesForItem(id);
Expand All @@ -47,7 +47,7 @@ public IActionResult GetItemInventories(string id)
[HttpGet("{id}/locations")]
public IActionResult GetItemLocations(string id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "getsingle");
if (auth != null) return auth;

var inventory = DataProvider.fetch_inventory_pool().GetInventoriesForItem(id)[0];
Expand All @@ -60,7 +60,7 @@ public IActionResult GetItemLocations(string id)
[HttpGet("{id}/inventory/totals")]
public IActionResult GetItemInventoryTotals(string id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "items", "getsingle");
if (auth != null) return auth;

var totals = DataProvider.fetch_inventory_pool().GetInventoryTotalsForItem(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/LocationsController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetLocations()
[HttpGet("{id}")]
public IActionResult GetLocation(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "locations", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "locations", "getsingle");
if (auth != null) return auth;

var location = DataProvider.fetch_location_pool().GetLocation(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetLocation(int id)
[HttpGet("{id}/inventory")]
public IActionResult GetLocationInventory(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "locations", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "locations", "getsingle");
if (auth != null) return auth;

var inventory = DataProvider.fetch_location_pool().GetLocationsInWarehouse(id);
6 changes: 3 additions & 3 deletions C#api/Controllers/OrdersController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetOrders()
[HttpGet("{id}")]
public IActionResult GetOrder(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "getsingle");
if (auth != null) return auth;

var order = DataProvider.fetch_order_pool().GetOrder(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetOrder(int id)
[HttpGet("{id}/items")]
public IActionResult GetOrderItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_order_pool().GetItemsInOrder(id);
Expand All @@ -47,7 +47,7 @@ public IActionResult GetOrderItems(int id)
[HttpGet("{id}/status")]
public IActionResult GetOrderStatus(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "orders", "getsingle");
if (auth != null) return auth;

var order = DataProvider.fetch_order_pool().GetOrder(id);
8 changes: 4 additions & 4 deletions C#api/Controllers/ShipmentsController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetShipments()
[HttpGet("{id}")]
public IActionResult GetShipment(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "getsingle");
if (auth != null) return auth;

var shipment = DataProvider.fetch_shipment_pool().GetShipment(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetShipment(int id)
[HttpGet("{id}/orders")]
public IActionResult GetShipmentOrders(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "getsingle");
if (auth != null) return auth;

var orders = DataProvider.fetch_order_pool().GetOrdersInShipment(id);
Expand All @@ -47,7 +47,7 @@ public IActionResult GetShipmentOrders(int id)
[HttpGet("{id}/items")]
public IActionResult GetShipmentItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_shipment_pool().GetItemsInShipment(id);
Expand All @@ -57,7 +57,7 @@ public IActionResult GetShipmentItems(int id)
[HttpGet("{id}/status")]
public IActionResult GetShipmentStatus(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "shipments", "getsingle");
if (auth != null) return auth;

var shipment = DataProvider.fetch_shipment_pool().GetShipment(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/SuppliersController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetSuppliers()
[HttpGet("{id}")]
public IActionResult GetSupplier(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "suppliers", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "suppliers", "getsingle");
if (auth != null) return auth;

var supplier = DataProvider.fetch_supplier_pool().GetSupplier(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetSupplier(int id)
[HttpGet("{id}/items")]
public IActionResult GetSupplierItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "suppliers", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "suppliers", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_item_pool().GetItemsForSupplier(id);
4 changes: 2 additions & 2 deletions C#api/Controllers/TransfersController.cs
Expand Up @@ -37,7 +37,7 @@ public IActionResult GetTransfer(int id)
[HttpGet("{id}/items")]
public IActionResult GetTransferItems(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "transfers", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "transfers", "getsingle");
if (auth != null) return auth;

var items = DataProvider.fetch_transfer_pool().GetItemsInTransfer(id);
Expand All @@ -47,7 +47,7 @@ public IActionResult GetTransferItems(int id)
[HttpGet("{id}/status")]
public IActionResult GetTransferStatus(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "transfers", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "transfers", "getsingle");
if (auth != null) return auth;

var transfer = DataProvider.fetch_transfer_pool().GetTransfer(id);
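Review bot: The first hunk of this file begins at `GetTransferItems` and its header names `GetTransfer(int id)` as the enclosing context, so the `{id}` endpoint of this controller appears untouched by the commit, whereas every other controller had its `GetX(int id)` endpoint switched to `"getsingle"` in a hunk at line 25. If `GetTransfer` still passes `"get"`, a role that may list transfers but not read one would still be able to read one through `transfers/{id}`, and the call there should become `var auth = CheckAuthorization(Request.Headers["API_KEY"], "transfers", "getsingle");`. That method is outside the hunk, so this is an inference from the hunk header rather than from visible code.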
6 changes: 3 additions & 3 deletions C#api/Controllers/WarehousesController.cs
Expand Up @@ -25,7 +25,7 @@ public IActionResult GetWarehouses()
[HttpGet("{id}")]
public IActionResult GetWarehouse(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "getsingle");
if (auth != null) return auth;

var warehouse = DataProvider.fetch_warehouse_pool().GetWarehouse(id);
Expand All @@ -37,7 +37,7 @@ public IActionResult GetWarehouse(int id)
[HttpGet("{id}/locations")]
public IActionResult GetWarehouseLocations(int id)
{
var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "get");
var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "getsingle");
if (auth != null) return auth;

var locations = DataProvider.fetch_location_pool().GetLocationsInWarehouse(id);
Expand All @@ -47,7 +47,7 @@ public IActionResult GetWarehouseLocations(int id)
// [HttpGet("{id}/inventory")]
// public IActionResult GetWarehouseInventory(int id)
// {
// var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "get");
// var auth = CheckAuthorization(Request.Headers["API_KEY"], "warehouses", "getsingle");
// if (auth != null) return auth;

// var inventory = DataProvider.fetch_inventory_pool().GetInventoryForWarehouse(id);
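Review bot: The third hunk edits a literal inside the commented-out copy of `GetWarehouseInventory` (the block starting `// [HttpGet("{id}/inventory")]`), so the edit has no effect and the dead block keeps drifting alongside the live code; either delete the commented-out method or restore it, since its route and `CheckAuthorization` call are already written. If it is parked because `fetch_inventory_pool().GetInventoryForWarehouse` does not exist yet, a one-line `// TODO: re-enable once fetch_inventory_pool().GetInventoryForWarehouse exists` at the top of the block records why.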
79 changes: 79 additions & 0 deletions C#api/Tests/Security; Rolls/test_analyst.py
@@ -0,0 +1,79 @@
import httpx
import unittest
import os

class AnalystApiTests(unittest.TestCase):
@classmethod
def setUpClass(cls):
cls.base_url = "http://127.0.0.1:3000/api/v1/"
cls.client = httpx.Client(base_url=cls.base_url, headers={"API_KEY": "e1f2g3h4i5"}) # Analyst API key
cls.data_root = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))), "data").replace(os.sep, "/")

# 3 actions that they have the right to perform

def test_GetWarehouses(self):
response = self.client.get("warehouses")
self.assertEqual(response.status_code, 200)

def test_GetSingleItem(self):
response = self.client.get("items/P000001")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()['Uid'], "P000001")

def test_GetOrders(self):
response = self.client.get("orders")
self.assertEqual(response.status_code, 200)

# 3 actions that they do not have the right to perform

def test_PostWarehouse(self):
new_warehouse = {
"Id": 0,
"Code": "WAR001",
"Name": "New Warehouse",
"Address": "123 Storage St",
"Zip": "12345",
"City": "Storageville",
"Province": "Storagestate",
"Country": "Storageland",
"Contact": {
"Name": "John Doe",
"Phone": "123-456-7890",
"Email": "johndoe@example.com"
},
"Created_At": "2024-11-14T16:10:14.227318",
"Updated_At": "2024-11-14T16:10:14.227318"
}
response = self.client.post("warehouses", json=new_warehouse)
self.assertEqual(response.status_code, 401)

def test_UpdateItem(self):
updated_item = {
"Uid": "ITEM123",
"Code": "CODE123",
"Description": "This is a test item.",
"Short_Description": "Test Item",
"Upc_Code": "123456789012",
"Model_Number": "MODEL123",
"Commodity_Code": "COMMOD123",
"Item_Line": 1,
"Item_Group": 2,
"Item_Type": 3,
"Unit_Purchase_Quantity": 10,
"Unit_Order_Quantity": 5,
"Pack_Order_Quantity": 20,
"Supplier_Id": 1,
"Supplier_Code": "SUP123",
"Supplier_Part_Number": "SUP123-PART001",
"Created_At": "2024-11-14T16:10:14.227318",
"Updated_At": "2024-11-14T16:10:14.227318"
}
response = self.client.put(f"items/{updated_item['Uid']}", json=updated_item)
self.assertEqual(response.status_code, 401)

def test_DeleteOrder(self):
response = self.client.delete("orders/1")
self.assertEqual(response.status_code, 401)

if __name__ == '__main__':
unittest.main()
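Review bot: test_PostWarehouse, test_UpdateItem and test_DeleteOrder assert 401 for a key that is valid but lacks the right, so they pin a permission denial to the status HTTP reserves for a missing or invalid credential; if the API answers 403 for that case, as the Unauthorized/Forbid distinction in the base controller suggests it should, those three lines become `self.assertEqual(response.status_code, 403)`. `cls.data_root` is computed in setUpClass and never read by any test, so it can be removed. test_DeleteOrder checks only the status; a follow-up `self.assertEqual(self.client.get("orders/1").status_code, 200)` would confirm the order survived the rejected call, assuming the analyst key is allowed to read a single order, which the present tests do not establish. Note that the suite needs a server listening on 127.0.0.1:3000, so it is an integration run rather than a unit test.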